[Openswan Users] Routing problem with NETKEY

Jani Joki demi at futuremark.com
Tue Aug 8 11:40:36 EDT 2006

Quoting Andy Gay (andy at andynet.net):
> So change that INPUT to PREROUTING
> > iptables -A INPUT -p 50 -j ACCEPT
> > iptables -A INPUT -p 51 -j ACCEPT
> > iptables -A INPUT -p 4 -j ACCEPT
> Add a LOG rule here so you can see what's getting dropped. Didn't I
> suggest that already?

Adding the LOG actually did solve the problem, though probably not quite
how you intended :),

I setup syslog to capture kern.* to a different file and was watching
it for the logged packets - during which I noticed that everytime
traffic coming in from the tunnel was received, I got an entry such
as this one:

Aug  8 16:09:36 firewall kernel: audit(1155042576.624:11049): avc:  denied  { sendto recvfrom } for  scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=association

And surely enough, as soon as I disabled SELinux the tunnel started working

Thanks to everyone for their help. :)

        Jani Joki        Senior Technical Manager   Futuremark Corporation
jani.joki at futuremark.com     +358 20 759 8264         www.futuremark.com

More information about the Users mailing list